[Dshield] New virus/remake of Win32.Rightu.A
Ruigrok van der Werven, Jeroen
Jeroen.Ruigrok at t-mobile.nl
Fri Oct 31 11:09:43 GMT 2003
We have a virus here which didn't get picked up by our McAfee virus scanner.
To those who want it, reply and I'll send you a copy.
What I discovered is that the executable has been packed with UPX or
Does anyone know of an unpacker which doesn't run the executable?
I've seen that it replaced netwatch.exe in C:\Windows with a UPX'd
executable and gets instantly started. It is readily viewable in
The email it uses to spread itself with is:
Finally i've found possibility to right u, my lovely girl :) All our photos
which i've made at the beach (even when u're without ur bh:)) photos are
great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
It seems to be classified by some people as the Win32.Rightu.A virus,
could this be a new strain? Given the fact that it has been known since
July/August this year.
Jeroen Ruigrok van der Werven <jeroen.ruigrok at t-mobile.nl>
Systeem Specialist Unix, T-Mobile Netherlands B.V., Postbus 16272
2500 BG Den Haag | Tel: +31 - (0)6 - 2409 6844 | Fax: +31 - (0)6 - 1409 5852
A sadder and a wiser man, he rose the morrow morn.
This e-mail and its contents are subject to a DISCLAIMER with important
RESERVATIONS: see http://www.t-mobile.nl/disclaimer